[PATCH] kvm, x86: Properly check whether a pfn is an MMIO or not

ntel.com> Cc: linux-kernel@vger.kernel.org Cc: k...@vger.kernel.org Cc: x...@kernel.org Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> --- arch/x86/include/asm/e820.h | 1 + arch/x86/kernel/e820.c | 18 ++ arch/x86/kvm/mmu.c | 2 +- 3 files changed,

[PATCH v2] sparse: Track the boundaries of memory sections for accurate checks

ntel.com> Cc: Joe Perches <j...@perches.com> Cc: Tejun Heo <t...@kernel.org> Cc: Anthony Liguori <aligu...@amazon.com> Cc: linux...@kvack.org Cc: linux-kernel@vger.kernel.org Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> Signed-off-by: Jan H. Schönherr <jscho...@ama

[PATCH] sparse: Track the boundaries of memory sections for accurate checks

org> Cc: Yaowei Bai <baiyao...@cmss.chinamobile.com> Cc: Dan Williams <dan.j.willi...@intel.com> Cc: Joe Perches <j...@perches.com> Cc: Tejun Heo <t...@kernel.org> Cc: Anthony Liguori <aligu...@amazon.com> Cc: linux...@kvack.org Cc: linux-kernel@vger.kernel.org Sig

[PATCH] xen: Remove event channel notification through Xen PCI platform device

;julien.gr...@citrix.com> Cc: Vitaly Kuznetsov <vkuzn...@redhat.com> Cc: Paul Gortmaker <paul.gortma...@windriver.com> Cc: Ross Lagerwall <ross.lagerw...@citrix.com> Cc: xen-de...@lists.xenproject.org Cc: linux-kernel@vger.kernel.org Cc: linux-...@vger.kernel.org Cc: Anthony Ligu

[PATCH] iommu: intel: Flush the IOTLB to get rid of the initial kdump mappings

bytes.org> Cc: David Woodhouse <dw...@infradead.org> Cc: David Woodhouse <d...@amazon.co.uk> Cc: Anthony Liguori <aligu...@amazon.com> Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> --- drivers/iommu/intel-iommu.c | 5 - 1 file changed, 4 insertions(+), 1 delet

[PATCH v2] kvm: Map PFN-type memory regions as writable (if possible)

t; backing the memory region. So also enable it for memory regions that do not have a "struct page". Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: Radim Krčmář <rkrc...@redhat.com> Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: KarimAllah Ahmed <karah...

[PATCH] pci: Do not read INTx PIN and LINE registers for virtual functions

... since INTx is not supported by-spec for virtual functions. Cc: Bjorn Helgaas <bhelg...@google.com> Cc: linux-...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> Signed-off-by: Jan H. Schönherr <jscho...@amazon.de> --- d

Re: [PATCH] pci: Do not read INTx PIN and LINE registers for virtual functions

On 01/17/2018 07:49 PM, Alex Williamson wrote: On Wed, 17 Jan 2018 19:30:29 +0100 KarimAllah Ahmed <karah...@amazon.de> wrote: ... since INTx is not supported by-spec for virtual functions. But the spec also states that VFs must implement the interrupt pin register as read-only ze

[PATCH] kvm: Map PFN-type memory regions as writable (if possible)

t; backing the memory region. So also enable it for memory regions that do not have a "struct page". Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: Radim Krčmář <rkrc...@redhat.com> Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: KarimAllah Ahmed <karah...@

[PATCH] pci: Store more data about VFs into the SRIOV struct

... to avoid reading them from the config space of all the PCI VFs. This is specially a useful optimization when bringing up thousands of VFs. Cc: Bjorn Helgaas <bhelg...@google.com> Cc: linux-...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: KarimAllah Ahmed <karah...@

[PATCH] kvm: x86: Use X86_CR4_PAE instead of X86_CR4_PAE_BIT while validating sregs

n <h...@zytor.com> Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> --- arch/x86/kvm/x86.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index abd172

[RFC 04/10] x86/mm: Only flush indirect branches when switching into non dumpable process

; Signed-off-by: David Woodhouse <d...@amazon.co.uk> Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> --- arch/x86/mm/tlb.c | 13 - 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c index 304de7d..f64e80c 100644 --- a/arch/x86

[RFC 10/10] x86/enter: Use IBRS on syscall and interrupts

t;aarca...@redhat.com> Signed-off-by: Tim Chen <tim.c.c...@linux.intel.com> Signed-off-by: Thomas Gleixner <t...@linutronix.de> Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> Cc: Andi Kleen <a...@linux.intel.com> Cc: Peter Zijlstra <pet...@infradead.org> Cc

[RFC 07/10] x86: Simplify spectre_v2 command line parsing

Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> --- arch/x86/kernel/cpu/bugs.c | 106 + 1 file changed, 58 insertions(+), 48 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 1d5e12f..349c7f4 100644 ---

[RFC 05/10] x86/speculation: Add basic IBRS support infrastructure

use <d...@amazon.co.uk> Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> --- Documentation/admin-guide/kernel-parameters.txt | 1 + arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/nospec-branch.h| 2 - arch/x86/kernel/cpu/bugs.c

[RFC 08/10] x86/idle: Control Indirect Branch Speculation in idle

From: Thomas Gleixner Indirect Branch Speculation (IBS) is controlled per physical core. If one thread disables it then it's disabled for the core. If a thread enters idle it makes sense to reenable IBS so the sibling thread can run with full speculation enabled in user

[RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation

Tim Chen <tim.c.c...@linux.intel.com> Signed-off-by: Thomas Gleixner <t...@linutronix.de> Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> Cc: Andrea Arcangeli <aarca...@redhat.com> Cc: Andi Kleen <a...@linux.intel.com> Cc: Peter Zijlstra <pet...@infradead.or

[RFC 01/10] x86/speculation: Add basic support for IBPB

he asm too so it gets NOP'd out] Signed-off-by: Thomas Gleixner <t...@linutronix.de> Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> Signed-off-by: David Woodhouse <d...@amazon.co.uk> --- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/nospec-branch.h | 16 ++

[RFC 00/10] Speculation Control feature support

Woodhouse (1): x86/speculation: Add basic IBRS support infrastructure KarimAllah Ahmed (1): x86: Simplify spectre_v2 command line parsing Thomas Gleixner (4): x86/speculation: Add basic support for IBPB x86/speculation: Use Indirect Branch Prediction Barrier in context switch x86

[RFC 03/10] x86/speculation: Use Indirect Branch Prediction Barrier in context switch

From: Thomas Gleixner [peterz: comment] Signed-off-by: Thomas Gleixner Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: David Woodhouse --- arch/x86/mm/tlb.c | 10 +- 1 file changed, 9

Re: [PATCH] kvm: x86: Use X86_CR4_PAE instead of X86_CR4_PAE_BIT while validating sregs

Please ignore. I just noticed that a similar patch is already in Radim's tree and queued for linus. On 01/20/2018 07:08 PM, KarimAllah Ahmed wrote: Use the mask (X86_CR4_PAE) instead of the bit itself (X86_CR4_PAE_BIT) while validating sregs. Cc: Paolo Bonzini <pbonz...@redhat.com> Cc:

[RFC 02/10] x86/kvm: Add IBPB support

15720739-43819-6-git-send-email-ashok@intel.com Signed-off-by: David Woodhouse <d...@amazon.co.uk> Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> --- arch/x86/kvm/svm.c | 14 ++ arch/x86/kvm/vmx.c | 4 2 files changed, 18 insertions(+) diff --git a/arch/x

[RFC 06/10] x86/speculation: Add inlines to control Indirect Branch Speculation

...@linutronix.de> Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> Signed-off-by: David Woodhouse <d...@amazon.co.uk> --- arch/x86/include/asm/nospec-branch.h | 36 1 file changed, 36 insertions(+) diff --git a/arch/x86/include/asm/nospec-branch.h

Re: [RFC 10/10] x86/enter: Use IBRS on syscall and interrupts

On 01/21/2018 02:50 PM, Konrad Rzeszutek Wilk wrote: On Sat, Jan 20, 2018 at 08:23:01PM +0100, KarimAllah Ahmed wrote: From: Tim Chen <tim.c.c...@linux.intel.com> Stop Indirect Branch Speculation on every user space to kernel space transition and reenable it when returning to user

Re: [PATCH] x86: vmx: Allow direct access to MSR_IA32_SPEC_CTRL

0, Jim Mattson wrote: On Sun, Jan 28, 2018 at 11:29 AM, KarimAllah Ahmed wrote: Add direct access to MSR_IA32_SPEC_CTRL for guests. This is needed for guests that will only mitigate Spectre V2 through IBRS+IBPB and will not be using a retpoline+IBPB based approach. To avoid the overhead of atom

Re: [PATCH v2 4/4] x86: vmx: Allow direct access to MSR_IA32_ARCH_CAPABILITIES

On 01/29/2018 07:55 PM, Jim Mattson wrote: Why should this MSR be pass-through? I doubt that it would be accessed frequently. True. Will update it to be emulated and allow user-space to set the value exposed. On Sun, Jan 28, 2018 at 4:58 PM, KarimAllah Ahmed <karah...@amazon.de>

Re: [PATCH v3 4/4] KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL

On 01/31/2018 01:27 AM, Jim Mattson wrote: On Tue, Jan 30, 2018 at 4:19 PM, Paolo Bonzini wrote: The new code in nested_vmx_merge_msr_bitmap should be conditional on vmx->save_spec_ctrl_on_exit. But then if L1 doesn't use MSR_IA32_SPEC_CTRL itself and it uses the

Re: [PATCH v3 4/4] KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL

On 01/30/2018 06:49 PM, Jim Mattson wrote: On Mon, Jan 29, 2018 at 4:10 PM, KarimAllah Ahmed <karah...@amazon.de> wrote: [ Based on a patch from Ashok Raj <ashok@intel.com> ] Add direct access to MSR_IA32_SPEC_CTRL for guests. This is needed for guests that will only mitigat

[PATCH] x86: vmx: Allow direct access to MSR_IA32_SPEC_CTRL

..@redhat.com> Cc: David Woodhouse <d...@amazon.co.uk> Cc: Greg KH <gre...@linuxfoundation.org> Cc: Andy Lutomirski <l...@kernel.org> Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> Signed-off-by: Ashok Raj <ashok@intel.com

Re: [PATCH v3 4/4] KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL

On 01/30/2018 11:49 PM, Jim Mattson wrote: On Tue, Jan 30, 2018 at 1:00 PM, KarimAllah Ahmed <karah...@amazon.com> wrote: Ooops! I did not think at all about nested :) This should be addressed now, I hope: http://git.infradead.org/linux-retpoline.git/comm

[PATCH v4 2/5] KVM: x86: Add IBPB support

Signed-off-by: Ashok Raj <ashok@intel.com> Signed-off-by: Peter Zijlstra (Intel) <pet...@infradead.org> Link: http://lkml.kernel.org/r/1515720739-43819-6-git-send-email-ashok....@intel.com Signed-off-by: David Woodhouse <d...@amazon.co.uk> Signed-off-by: Karim

[PATCH v4 3/5] KVM: VMX: Emulate MSR_IA32_ARCH_CAPABILITIES

ion.org> Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: Ashok Raj <ashok@intel.com> Reviewed-by: Paolo Bonzini <pbonz...@redhat.com> Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> Signed-off-by: David Woodhouse <d...@amazon.co.uk> --- arch/x86/kvm/cpuid.c | 2 +-

[PATCH v4 0/5] KVM: Expose speculation control feature to guests

and IBRS_ALL. v4: - Add IBRS passthrough for SVM (5/5). - Handle nested guests properly. - expose F(IBRS) in kvm_cpuid_8000_0008_ebx_x86_features Ashok Raj (1): KVM: x86: Add IBPB support KarimAllah Ahmed (4): KVM: x86: Update the reverse_cpuid list to include CPUID_7_EDX KVM: VMX: Emulate

[PATCH v4 4/5] KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL

om> Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: David Woodhouse <d...@amazon.co.uk> Cc: Greg KH <gre...@linuxfoundation.org> Cc: Andy Lutomirski <l...@kernel.org> Cc: Ashok Raj <ashok@intel.com> Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> Signed-

[PATCH v4 1/5] KVM: x86: Update the reverse_cpuid list to include CPUID_7_EDX

er.kernel.org Cc: linux-kernel@vger.kernel.org Reviewed-by: Paolo Bonzini <pbonz...@redhat.com> Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> Signed-off-by: David Woodhouse <d...@amazon.co.uk> --- arch/x86/kvm/cpuid.c | 8 +++- arch/x86/kvm/cpuid.h | 1 + 2 files chan

[PATCH v4 5/5] KVM: SVM: Allow direct access to MSR_IA32_SPEC_CTRL

ion.org> Cc: Andy Lutomirski <l...@kernel.org> Cc: Ashok Raj <ashok@intel.com> Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> Signed-off-by: David Woodhouse <d...@amazon.co.uk> --- arch/x86/kvm/svm.c | 58 ++ 1

Re: [PATCH v5 4/5] KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL

On 02/01/2018 03:19 PM, Konrad Rzeszutek Wilk wrote: .snip.. +/* Is SPEC_CTRL intercepted for the currently running vCPU? */ +static bool spec_ctrl_intercepted(struct kvm_vcpu *vcpu) +{ + unsigned long *msr_bitmap; + int f = sizeof(unsigned long); + + if

[PATCH v7] KVM: SVM: Allow direct access to MSR_IA32_SPEC_CTRL

ion.org> Cc: Andy Lutomirski <l...@kernel.org> Cc: Ashok Raj <ashok@intel.com> Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> Signed-off-by: David Woodhouse <d...@amazon.co.uk> --- v6: - ditch save_spec_ctrl_on_ex

[PATCH v2 2/4] x86: vmx: Allow direct access to MSR_IA32_SPEC_CTRL

..@redhat.com> Cc: David Woodhouse <d...@amazon.co.uk> Cc: Greg KH <gre...@linuxfoundation.org> Cc: Andy Lutomirski <l...@kernel.org> Cc: Ashok Raj <ashok@intel.com> Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> --- v2: - remove 'host_spec_ctrl' in

[PATCH v2 1/4] x86: kvm: Update the reverse_cpuid list to include CPUID_7_EDX

Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: Radim Krčmář <rkrc...@redhat.com> Cc: Thomas Gleixner <t...@linutronix.de> Cc: Ingo Molnar <mi...@redhat.com> Cc: H. Peter Anvin <h...@zytor.com> Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel

Re: [PATCH] x86: vmx: Allow direct access to MSR_IA32_SPEC_CTRL

On 01/28/2018 09:21 PM, Konrad Rzeszutek Wilk wrote: On January 28, 2018 2:29:10 PM EST, KarimAllah Ahmed <karah...@amazon.de> wrote: Add direct access to MSR_IA32_SPEC_CTRL for guests. This is needed for guests that will only mitigate Spectre V2 through IBRS+IBPB and will not be

[PATCH v2 0/4] KVM: Expose speculation control feature to guests

and IBRS_ALL. Ashok Raj (1): x86/kvm: Add IBPB support KarimAllah Ahmed (3): x86: kvm: Update the reverse_cpuid list to include CPUID_7_EDX x86: vmx: Allow direct access to MSR_IA32_SPEC_CTRL x86: vmx: Allow direct access to MSR_IA32_ARCH_CAPABILITIES arch/x86/kvm/cpuid.c | 6 - arch

[PATCH v2 4/4] x86: vmx: Allow direct access to MSR_IA32_ARCH_CAPABILITIES

gt; Cc: Jun Nakajima <jun.nakaj...@intel.com> Cc: Andy Lutomirski <l...@kernel.org> Cc: Greg KH <gre...@linuxfoundation.org> Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: Ashok Raj <ashok@intel.com> Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> --- arch/x86/kvm/c

[PATCH v2 3/4] x86/kvm: Add IBPB support

rg> Cc: Greg KH <gre...@linuxfoundation.org> Cc: Paolo Bonzini <pbonz...@redhat.com> Signed-off-by: Ashok Raj <ashok@intel.com> Signed-off-by: Peter Zijlstra (Intel) <pet...@infradead.org> Link: http://lkml.kernel.org/r/1515720739-43819-6-git-send-email-ashok....@int

Re: [PATCH] x86: vmx: Allow direct access to MSR_IA32_SPEC_CTRL

On 01/29/2018 09:46 AM, David Woodhouse wrote: On Sun, 2018-01-28 at 16:39 -0800, Liran Alon wrote: Windows use IBRS and Microsoft don't have any plans to switch to retpoline. Running a Windows guest should be a pretty common use-case no? In addition, your handle of the first WRMSR intercept

Re: [PATCH v2 2/4] x86: vmx: Allow direct access to MSR_IA32_SPEC_CTRL

On 01/29/2018 11:44 AM, Paolo Bonzini wrote: On 29/01/2018 01:58, KarimAllah Ahmed wrote: Add direct access to MSR_IA32_SPEC_CTRL for guests. This is needed for guests that will only mitigate Spectre V2 through IBRS+IBPB and will not be using a retpoline+IBPB based approach. To avoid

Re: [PATCH v5 4/5] KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL

On 02/01/2018 02:25 PM, David Woodhouse wrote: On Wed, 2018-01-31 at 23:26 -0500, Konrad Rzeszutek Wilk wrote: diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 6a9f4ec..bfc80ff 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -594,6 +594,14 @@ struct vcpu_vmx {  

Re: [PATCH v5 4/5] KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL

On 02/01/2018 06:37 PM, KarimAllah Ahmed wrote: On 02/01/2018 02:25 PM, David Woodhouse wrote: On Wed, 2018-01-31 at 23:26 -0500, Konrad Rzeszutek Wilk wrote: diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 6a9f4ec..bfc80ff 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm

Re: [PATCH v4 2/5] KVM: x86: Add IBPB support

On 01/31/2018 05:50 PM, Jim Mattson wrote: On Wed, Jan 31, 2018 at 5:10 AM, KarimAllah Ahmed <karah...@amazon.de> wrote: + vmx_disable_intercept_for_msr(vmx->vmcs01.msr_bitmap, MSR_IA32_PRED_CMD, + MSR_TYPE_W); Why no

Re: [PATCH v4 2/5] KVM: x86: Add IBPB support

On 01/31/2018 05:55 PM, Paolo Bonzini wrote: On 31/01/2018 11:50, Jim Mattson wrote: + if (to_vmx(vcpu)->save_spec_ctrl_on_exit) { + nested_vmx_disable_intercept_for_msr( + msr_bitmap_l1, msr_bitmap_l0, +

Re: [PATCH v5 4/5] KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL

On 01/31/2018 08:53 PM, Jim Mattson wrote: On Wed, Jan 31, 2018 at 11:37 AM, KarimAllah Ahmed <karah...@amazon.de> wrote: + + if (to_vmx(vcpu)->save_spec_ctrl_on_exit) { + nested_vmx_disable_intercept_for_msr( + msr_bitmap_l1, msr_

[PATCH v5 5/5] KVM: SVM: Allow direct access to MSR_IA32_SPEC_CTRL

ion.org> Cc: Andy Lutomirski <l...@kernel.org> Cc: Ashok Raj <ashok@intel.com> Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> Signed-off-by: David Woodhouse <d...@amazon.co.uk> --- v5: - Add SPEC_CTRL to direct_access_msrs. --- arch/x86/kvm/svm.c | 59 +++

[PATCH v5 4/5] KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL

om> Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: David Woodhouse <d...@amazon.co.uk> Cc: Greg KH <gre...@linuxfoundation.org> Cc: Andy Lutomirski <l...@kernel.org> Cc: Ashok Raj <ashok@intel.com> Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> Signed-

[PATCH v5 2/5] KVM: x86: Add IBPB support

om> Signed-off-by: Ashok Raj <ashok@intel.com> Signed-off-by: Peter Zijlstra (Intel) <pet...@infradead.org> Link: http://lkml.kernel.org/r/1515720739-43819-6-git-send-email-ashok@intel.com Signed-off-by: David Woodhouse <d...@amazon.co.uk> Signed-off-by: KarimAllah Ah

[PATCH v5 3/5] KVM: VMX: Emulate MSR_IA32_ARCH_CAPABILITIES

ion.org> Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: Ashok Raj <ashok@intel.com> Reviewed-by: Paolo Bonzini <pbonz...@redhat.com> Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> Signed-off-by: David Woodhouse <d...@amazon.co.uk> --- arch/x86/kvm/cpuid.c | 2 +-

[PATCH v5 1/5] KVM: x86: Update the reverse_cpuid list to include CPUID_7_EDX

er.kernel.org Cc: linux-kernel@vger.kernel.org Reviewed-by: Paolo Bonzini <pbonz...@redhat.com> Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> Signed-off-by: David Woodhouse <d...@amazon.co.uk> --- arch/x86/kvm/cpuid.c | 8 +++- arch/x86/kvm/cpuid.h | 1 + 2 files chan

[PATCH v5 0/5] KVM: Expose speculation control feature to guests

for SVM (5/5). - Handle nested guests properly. - expose F(IBRS) in kvm_cpuid_8000_0008_ebx_x86_features Ashok Raj (1): KVM: x86: Add IBPB support KarimAllah Ahmed (4): KVM: x86: Update the reverse_cpuid list to include CPUID_7_EDX KVM: VMX: Emulate MSR_IA32_ARCH_CAPABILITIES KVM: VMX

[PATCH v6 5/5] KVM: SVM: Allow direct access to MSR_IA32_SPEC_CTRL

ion.org> Cc: Andy Lutomirski <l...@kernel.org> Cc: Ashok Raj <ashok@intel.com> Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> Signed-off-by: David Woodhouse <d...@amazon.co.uk> --- v5: - Add SPEC_CTRL to direct_access_msrs. --- arch/x86/kvm/svm.c | 59 +++

[PATCH v6 1/5] KVM: x86: Update the reverse_cpuid list to include CPUID_7_EDX

er.kernel.org Cc: linux-kernel@vger.kernel.org Reviewed-by: Paolo Bonzini <pbonz...@redhat.com> Reviewed-by: Konrad Rzeszutek Wilk <konrad.w...@oracle.com> Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> Signed-off-by: David Woodhouse <d...@amazon.co.uk> --- arch/x86/k

[PATCH v6 3/5] KVM: VMX: Emulate MSR_IA32_ARCH_CAPABILITIES

: Paolo Bonzini <pbonz...@redhat.com> Cc: Ashok Raj <ashok@intel.com> Reviewed-by: Paolo Bonzini <pbonz...@redhat.com> Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> Signed-off-by: David Woodhouse <d...@amazon.co.uk> --- arch/x86/kvm/cpuid.c | 2 +- arch/x86/kvm/vm

[PATCH v6 2/5] KVM: x86: Add IBPB support

om> Signed-off-by: Ashok Raj <ashok@intel.com> Signed-off-by: Peter Zijlstra (Intel) <pet...@infradead.org> Link: http://lkml.kernel.org/r/1515720739-43819-6-git-send-email-ashok@intel.com Signed-off-by: David Woodhouse <d...@amazon.co.uk> Signed-off-by: Karim

[PATCH v6 4/5] KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL

gt; Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: David Woodhouse <d...@amazon.co.uk> Cc: Greg KH <gre...@linuxfoundation.org> Cc: Andy Lutomirski <l...@kernel.org> Cc: Ashok Raj <ashok@intel.com> Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> Sign

[PATCH v6 0/5] KVM: Expose speculation control feature to guests

). - Handle nested guests properly. - expose F(IBRS) in kvm_cpuid_8000_0008_ebx_x86_features Ashok Raj (1): KVM: x86: Add IBPB support KarimAllah Ahmed (4): KVM: x86: Update the reverse_cpuid list to include CPUID_7_EDX KVM: VMX: Emulate MSR_IA32_ARCH_CAPABILITIES KVM: VMX: Allow direct access

Re: [PATCH v5 2/5] KVM: x86: Add IBPB support

On 01/31/2018 09:28 PM, Konrad Rzeszutek Wilk wrote: diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index d46a61b..2e4e8af 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -2285,6 +2285,7 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) if

Re: [PATCH v5 4/5] KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL

On 01/31/2018 09:18 PM, Jim Mattson wrote: On Wed, Jan 31, 2018 at 12:01 PM, KarimAllah Ahmed <karah...@amazon.com> wrote: but save_spec_ctrl_on_exit is also set for L2 write. So once L2 writes to it, this condition will be true and then the bitmap will be updated. So if L1 or any L2

Re: [PATCH v5 4/5] KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL

On 01/31/2018 11:52 PM, KarimAllah Ahmed wrote: On 01/31/2018 09:18 PM, Jim Mattson wrote: On Wed, Jan 31, 2018 at 12:01 PM, KarimAllah Ahmed <karah...@amazon.com> wrote: but save_spec_ctrl_on_exit is also set for L2 write. So once L2 writes to it, this condition will b

Re: [PATCH v5 2/5] KVM: x86: Add IBPB support

720739-43819-6-git-send-email-ashok@intel.com Signed-off-by: David Woodhouse <d...@amazon.co.uk> Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> --- v6: - introduce pred_cmd_used v5: - Use MSR_TYPE_W instead of MSR_TYPE_R for the MSR. - Always merge the bitmaps unconditionally.

[PATCH v3 4/4] KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL

om> Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: David Woodhouse <d...@amazon.co.uk> Cc: Greg KH <gre...@linuxfoundation.org> Cc: Andy Lutomirski <l...@kernel.org> Cc: Ashok Raj <ashok@intel.com> Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> Signed-of

[PATCH v3 3/4] KVM: VMX: Emulate MSR_IA32_ARCH_CAPABILITIES

ion.org> Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: Ashok Raj <ashok@intel.com> Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> Signed-off-by: David Woodhouse <d...@amazon.co.uk> --- arch/x86/kvm/cpuid.c | 2 +- arch/x86/kvm/vmx.c | 15 +++ arch/x86/kvm/x86

[PATCH v3 0/4] KVM: Expose speculation control feature to guests

and IBRS_ALL. Ashok Raj (1): KVM: x86: Add IBPB support KarimAllah Ahmed (3): KVM: x86: Update the reverse_cpuid list to include CPUID_7_EDX KVM: VMX: Emulate MSR_IA32_ARCH_CAPABILITIES KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL arch/x86/kvm/cpuid.c | 22 ++ arch/x86

Re: [PATCH v3 3/4] KVM: VMX: Emulate MSR_IA32_ARCH_CAPABILITIES

On 01/30/2018 01:22 AM, Raj, Ashok wrote: On Tue, Jan 30, 2018 at 01:10:27AM +0100, KarimAllah Ahmed wrote: Future intel processors will use MSR_IA32_ARCH_CAPABILITIES MSR to indicate RDCL_NO (bit 0) and IBRS_ALL (bit 1). This is a read-only MSR. By default the contents will come directly from

Re: [PATCH v3 0/4] KVM: Expose speculation control feature to guests

On 01/30/2018 10:00 AM, David Woodhouse wrote: On Tue, 2018-01-30 at 01:10 +0100, KarimAllah Ahmed wrote: Add direct access to speculation control MSRs for KVM guests. This allows the guest to protect itself against Spectre V2 using IBRS+IBPB instead of a retpoline+IBPB based approach

[PATCH v3 2/4] KVM: x86: Add IBPB support

...@intel.com> Signed-off-by: Peter Zijlstra (Intel) <pet...@infradead.org> Link: http://lkml.kernel.org/r/1515720739-43819-6-git-send-email-ashok....@intel.com Signed-off-by: David Woodhouse <d...@amazon.co.uk> Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> ---

[PATCH v3 1/4] KVM: x86: Update the reverse_cpuid list to include CPUID_7_EDX

er.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> Signed-off-by: David Woodhouse <d...@amazon.co.uk> --- arch/x86/kvm/cpuid.c | 8 +++- arch/x86/kvm/cpuid.h | 1 + 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/arch/x8

[RFC 02/12] KVM/VMX: Use the new host mapping API for apic_access_page

f this use-case as well. Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: Radim Krčmář <rkrc...@redhat.com> Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> --- arch/x86/kvm/vmx.c | 33 + 1

[RFC 05/12] KVM/VMX: Use the new host mapping API for mapping nested vmptr

se as well. Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: Radim Krčmář <rkrc...@redhat.com> Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> --- arch/x86/kvm/vmx.c | 14 ++ 1 file changed, 6 insertions(+)

[RFC 12/12] KVM/VMX: Remove kvm_vcpu_gpa_to_page as it is now unused

Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: Radim Krčmář <rkrc...@redhat.com> Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> --- include/linux/kvm_host.h | 6 -- 1 file changed, 6 deletions(-) diff --g

[RFC 08/12] KVM/VMX: Use the new host mapping API for mapping nested PML

s use-case as well. Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: Radim Krčmář <rkrc...@redhat.com> Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> --- arch/x86/kvm/vmx.c | 11 +-- 1 file changed, 5 insertions(+)

[RFC 07/12] KVM/VMX: Use the new host mapping API for mapping L12 MSR bitmap

f this use-case as well. Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: Radim Krčmář <rkrc...@redhat.com> Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> --- arch/x86/kvm/vmx.c | 11 +-- 1 file changed, 5 inserti

[RFC 00/12] KVM/X86: Introduce a new guest mapping API

is is an acceptable API. Most of the offending code paths that has been updated are in the nested code base. Mostly because I stumbled upon this code while looking at the nested MSR bitmap handling for the IBRS patches. There are also offending code paths in SVM code, but I will do that once the inte

[RFC 10/12] KVM/VMX: Use the new host mapping API for synic_clear_sint_msg_pending

Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: Radim Krčmář <rkrc...@redhat.com> Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> --- arch/x86/kvm/hyperv.c | 12 ++-- 1 file changed, 6 insertions(+), 6 deleti

[RFC 11/12] KVM/VMX: Use the new host mapping API for synic_deliver_msg

Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: Radim Krčmář <rkrc...@redhat.com> Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> --- arch/x86/kvm/hyperv.c | 12 ++-- 1 file changed, 6 insertions(+), 6 deleti

[RFC 03/12] KVM/VMX: Use the new host mapping API for virtual_apic_page

f this use-case as well. Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: Radim Krčmář <rkrc...@redhat.com> Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> --- arch/x86/kvm/vmx.c | 34 -- 1

[RFC 09/12] KVM/VMX: Use the new host mapping API for cmpxchg_emulated

Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: Radim Krčmář <rkrc...@redhat.com> Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> --- arch/x86/kvm/x86.c | 12 +--- 1 file changed, 5 insertions(+), 7 deletions(-)

Re: [RFC 05/12] KVM/VMX: Use the new host mapping API for mapping nested vmptr

On 02/05/2018 11:15 PM, Jim Mattson wrote: On Mon, Feb 5, 2018 at 10:49 AM KarimAllah Ahmed <karah...@amazon.de> wrote: @@ -7410,19 +7410,17 @@ static int handle_vmon(struct kvm_vcpu *vcpu) return kvm_skip_emulated_instruction(vcpu); } -

[PATCH 3/3] X86/nVMX: Update the MSR_BITMAP field with the L02 MSR BITMAP

... otherwise we will just be running with the L1 MSR BITMAP! It does not seem that we ever update the MSR_BITMAP when the nested guest is running. The only place where we update the MSR_BITMAP field in VMCS is for the L1 guest! Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> Cc:

[PATCH 2/3] KVM/nVMX: Set the CPU_BASED_USE_MSR_BITMAPS if we have a valid L02 MSR bitmap

ccess to MSR_IA32_SPEC_CTRL") this was probably OK since the decision was always identical. This is no longer the case now since the MSR bitmap might actually change once we decide to not intercept SPEC_CTRL and PRED_CMD. Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> Cc: Paol

[PATCH 1/3] X86/nVMX: Properly set spec_ctrl and pred_cmd before merging MSRs

: 086e7d4118cc ("KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL") Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: Radim Krčmář <rkrc...@redhat.com> Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org --- arch/x8

Re: [PATCH 3/3] X86/nVMX: Update the MSR_BITMAP field with the L02 MSR BITMAP

On 02/10/2018 12:26 AM, Jim Mattson wrote: On Thu, Feb 8, 2018 at 2:53 PM, KarimAllah Ahmed <karah...@amazon.de> wrote: ... otherwise we will just be running with the L1 MSR BITMAP! It does not seem that we ever update the MSR_BITMAP when the nested guest is running. The only place wh

Re: [PATCH 3/3] X86/nVMX: Update the MSR_BITMAP field with the L02 MSR BITMAP

On 02/10/2018 12:57 AM, Jim Mattson wrote: On Fri, Feb 9, 2018 at 3:41 PM, KarimAllah Ahmed <karah...@amazon.com> wrote: I assume you are referring to this: https://patchwork.kernel.org/patch/10194819/ .. which is now: commit 904e14fb7cb9 ("KVM: VMX: make MSR bitmaps per-VC

Re: [RFC 03/12] KVM/VMX: Use the new host mapping API for virtual_apic_page

On 02/05/2018 11:26 PM, Jim Mattson wrote: On Mon, Feb 5, 2018 at 10:48 AM KarimAllah Ahmed <karah...@amazon.de> wrote: @@ -5264,9 +5264,8 @@ static void vmx_complete_nested_posted_interrupt(struct kvm_vcpu *vcpu) max_irr = find_last_bit((unsigned long *)vmx->nested.pi_

Re: [RFC 00/12] KVM/X86: Introduce a new guest mapping API

On 02/05/2018 08:26 PM, Mihai Donțu wrote: On Mon, 2018-02-05 at 19:47 +0100, KarimAllah Ahmed wrote: Guest memory can either be directly managed by the kernel (i.e. have a "struct page") or they can simply live outside kernel control (i.e. do not have a "struct page")

[RFC 04/12] KVM/VMX: Use the new host mapping API for pi_desc_page

s use-case as well. Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: Radim Krčmář <rkrc...@redhat.com> Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> --- arch/x86/kvm/vmx.c | 40 ++-- 1

[RFC 01/12] KVM: Introduce helper functions to map/unmap guest memory

uct page"). Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: Radim Krčmář <rkrc...@redhat.com> Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> --- include/linux/kvm_host.h | 18 +++

[RFC 06/12] KVM/VMX: Use the new host mapping API for handle_vmptrld

Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: Radim Krčmář <rkrc...@redhat.com> Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> --- arch/x86/kvm/vmx.c | 16 1 file changed, 8 insertions(+), 8 deleti

[PATCH] X86/UAPI: Use __u64 instead of u64 in hyperv.h

... since u64 has a hidden header dependency that was not there before using it (i.e. it breaks our VMM build). Also, __u64 is the right way to expose the data type through UAPI. Fixes: 93286261 ("x86/hyperv: Reenlightenment notifications support") Signed-off-by: KarimAllah Ah

[RFC 0/2] KVM/nVMX: Add support for saving and restoring L1 hypervisors with its running L2s

there is some meta-state that I am not extracting yet (will update this soon). L1 seems to be very stable though. KarimAllah Ahmed (2): KVM/nVMX: Cleanly exit from L2 to L1 on user-space exit KVM/nVMX: Add support for saving/restoring L2 meta-state stored by L0 arch/x86/include/asm/kvm_host.h

[PATCH 02/10] X86/nVMX: handle_vmptrld: Copy the VMCS12 directly from guest memory instead of map->copy->unmap sequence.

... which also avoids using kvm_vcpu_gpa_to_page() and kmap() which assumes that there is a "struct page" for guest memory. Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> --- arch/x86/kvm/vmx.c | 26 +++--- 1 file changed, 7 insertions(+), 19 deletion

[PATCH 08/10] KVM/X86: Use kvm_vcpu_map in emulator_cmpxchg_emulated

... since using kvm_vcpu_gpa_to_page() and kmap() will only work for guest memory that has a "struct page". Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> --- arch/x86/kvm/x86.c | 13 ++--- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/arch/x86/kvm/

[PATCH 07/10] KVM/nVMX: Use kvm_vcpu_map when mapping the posted interrupt descriptor table

y unmapped when a new VMCS12 is loaded into the vCPU (or when the vCPU is freed!). Signed-off-by: KarimAllah Ahmed <karah...@amazon.de> --- arch/x86/kvm/vmx.c | 45 + 1 file changed, 13 insertions(+), 32 deletions(-) diff --git a/arch/x86/kvm/vmx.

  1   2   3   4   5   >